Administration Console Online Help

Use roles and policies
to secure resources

To secure a resource in a
WebLogic Server domain, you create a policy and an optional role. A
resource is an entity (such as a Web Service or a server
instance) or an action (such as a method in a Web Service or the act of
shutting down a server instance). A policy specifies which users,
groups, or roles can access the resource under a set of conditions. A
security role, like a security group, grants an identity to a
user. Unlike a group, however, membership in a role can be based on a
set of conditions that are evaluated at runtime. For a list of all
resource types, see Types
of WebLogic Resources.

For most types of WebLogic resources, you use the Administration
Console to define the security policies and roles that restrict access.
However, for Web application and EJB resources, you can also use
deployment descriptors. See Manage security for Web
applications and EJBs.

Oracle recommends that you use security roles to secure WebLogic
resources (instead of users or groups), because doing so increases
efficiency for administrators who work with many users. You can use
the default roles that WebLogic Server provides or create your
own.